The invention relates to a method and system for preventing the misuse of a copied subscriber identity in a mobile communication system.
Both the users and the network operator in all telecommunication networks have to be optimally protected against undesirable intrusions by third parties. Thus, various security procedures are called for in networks. The most important characteristics of network security are 1) protecting information relayed by the network, and 2) authentication of network users and access control. The most important protection mechanism in the foreseeable future is some kind of encryption. Authentication is a measure for ensuring that information is originating from the source indicated. It is typically based on passwords and keys. Access rights are indicated as the ability to send and/or receive via a switching channel. Also access mechanisms are based on some sort of password or key.
As data transmission to mobile subscribers takes place on a radio connection, public land mobile networks (PLMN) are especially vulnerable to misuse of their resources by unauthorized users who eavesdrop on the information exchanged on the radio path. This is because radio signals may be listened to and sent from any place without access to user or operator equipment. It is obvious that the need for improved security is more pronounced in PLMN networks than in conventional telecommunication networks.
The basic structure of the pan-European digital cellular radio system GSM (Global System for Mobile Communications) is shown in FIG. 1. The structure of the GSM network consists of two parts: a base station sub-system (BSS) and a network subsystem (NSS). The BSS and mobile stations MS communicate by means of radio connections. A base transceiver station (BTS) serves each cell in the base station subsystem BSS. A group of base stations BTS is linked to a base station controller (BSC) serving to control the radio frequencies and channels used by the base station BTS. The base station controllers BSC are linked to a mobile switching centre (MSC). A mobile switching centre serves to switch calls involving at least one mobile station MS. Some mobile switching centres MSC are linked to other telecommunication networks, such as a public integrated services network (PISN), and include switching procedures for dealing with calls to and from these networks. Such mobile switching centres are called gateway MSCs (GMSC).
Two types of data bases are involved in the routing of calls. Subscriber data on all subscribers is stored in a home location register HLR permanently or semi-permanently, including information on the services the subscriber can access and the present location of the subscriber. An other type of register is a visitor location register VLR. The VLR is usually associated with one mobile switching centre MSC, but may serve several centres. The visitor location register VLR is usually integrated into the mobile switching centre MSC. Such an integrated network element is called a visited mobile switching centre (VMSC). When a MS is active (it has registered in the network and may initiate or receive a call), the majority of the subscriber data on the mobile station MS in the home location register HLR is loaded (copied) into the visitor location register VLR of the mobile switching centre MSC whose area the MS is roaming.
The GSM system incorporates an extremely secure authentication system. This is also true of derivatives of the GSM system, such as the DCS, based on what is known as the challenge and response principle. When a subscriber contract is drawn up, the subscriber is allocated a secret subscriber authentication key (Ki) and an international mobile subscriber identity (IMSI). Ki is stored in a GSM network element serving this purpose and called the authentication centre (AUC), associated with or connected to the subscriber home location register (HLR). The authentication centre AUC also comprises an encryption algorithm called A8, and an authentication algorithm called A3, and a random number RAND generator. An encryption key Kc is generated by the algorithm A8 on the basis of Ki and RAND. Similarly, a signed response (SRES) is generated by the algorithm A3 on the basis of Ki and RAND. These three parameters, RAND, Kc, and SRES form a subscriber-specific triplet, employed later in authentication and encryption.
Referring to FIG. 2, the authentication centre AUC comprises a data base 20 for storing the authentication key Ki of each GSM network subscriber. The subscriber Ki may be retrieved from the data base 20 by using the mobile subscriber identity IMSI as index.
In order not to have to calculate and send the triplet always when it is needed, the AUC/HLR calculates several triplets for each subscriber in advance and delivers them on request to the visitor location register (VLR) and to the mobile switching centre (MSC), in which they are stored. The MSC/VLR has one unused triplet always at its disposal for each visiting subscriber. High-quality security presumes that the triplet is used only once for one connection, and is destroyed thereafter.
FIG. 4 shows some subscriber-specific triplets. A security parameter file 40 comprises n triplets 1 to n for each subscriber identity IMSI. This reserve in the security parameter file 40 is formed when a mobile subscriber registers in a visited centre MSC and a visitor location register VLR for the first time. It is part of the subscriber data which was loaded from the home location register HLR in connection with the INSERT SUBSCRIBER DATA message.
Referring to FIG. 5, when a subscriber has used all triplets at its disposal, the AUC/HLR is requested to calculate and send back a new series. This triplet completion procedure consists of two messages: SEND PARAMETERS and a response thereto called SEND PARAMETERS RESULT. The former contains the IMSI of the mobile subscriber, used to retrieve Ki for calculation of the triplets, as described in connection with FIG. 2. The triplets calculated are delivered to the MSC/VLR in the SEND PARAMETERS RESULT message and stored in the visitor location register VLR.
Still referring to FIG. 4, a mobile station MS sends an access request to the MSC/VLR. The latter retrieves a triplet reserved for the mobile subscriber from the security parameter file 40 by using the IMSI as index. On one hand the MSC/VLR forwards the value of Kc to the channel equipment of the base station controller BSC to be used in traffic channel coding, and on the other hand it forwards the value of RAND to the mobile station in an AUTHENTICATION REQUEST message. This is depicted by block 41 in FIG. 4. On the basis of RAND the mobile station MS calculates the other values (SRES and Kc) of the triplet.
Referring now to FIG. 3, a copy of the mobile subscriber authentication key Ki, and the encryption algorithm A8 and the authentication algorithm A3 are stored in the mobile station. On receiving an AUTHENTICATION REQUEST message, the mobile station MS isolates RAND from the message, feeding it and the stored Ki to the algorithms A3 and A8, respectively, for calculation of the signed response SRES and the encryption key Kc. The SRES calculated is forwarded to the MSC/VLR in the AUTHENTICATION REQUEST message in order to complete the authentication, as is shown in FIGS. 4 and 5.
Referring to FIG. 4, the MSC/VLR isolates the value of SRES from the AUTHENTICATION REQUEST message (block 42) and retrieves the stored value of SRES from the file 40 (block 43). Thereafter the MSC/VLR, for this particular connection and before any other processing, authenticates the mobile subscriber by checking that the SRES calculated in the AUC/HLR and the SRES calculated in the mobile station (block 44) are identical. If these two values are identical, access is permitted (block 45). Otherwise access is denied (block 46).
As an example, in the GSM system the authentication of a mobile subscriber is subject to a subscriber-specific authentication unit. Thus, the actual terminal is not tied up with a specific subscriber. The subscriber authentication unit, e.g. a SIM card, is a processor card or a smart card to be inserted into the mobile station and containing data required for subscriber authentication and radio traffic encryption, such as the authentication key Ki. In this application the subscriber authentication unit, e.g. a SIM card, refers to a processor card associated with a mobile station and generally detachable therefrom, by means of which a subscriber may use a card operated mobile station.
Thus, if a subscriber authentication unit, e.g. a SIM card (Subscriber Identity Module) is being used, the user does not necessarily have to possess a mobile station, but a subscriber authentication unit, such as a SIM card, in a way a phonecard, issued by a mobile communication system operator, is sufficient for the subscriber to make and receive calls from any mobile station of the system. The purpose of a SIM card is on one hand to place user authentication data safely protected at the disposal of the mobile station, and on the other hand to offer services to the mobile station. The services include e.g. maintenance of the identification number (input, change etc.), maintenance of the data protection key, i.e. the authentication key Ki, and unblocking a SIM card when it has been blocked as a result of too many inputs of a false PIN (Personal Identification Number). Unblocking a blocked SIM card is carried out e.g. by means of the PUK code (Personal Unblocking Key).
As an alternative way to implement the authentication unit, a part called plug-in-SIM has been employed to insert a SIM card into mobile phones, this part containing the electronics of the credit-card-sized SIM card and being about the size of a coin. A plug-in-SIM is inserted into the telephone such that the user cannot easily exchange it. The telephone may even comprise a fixed plug-in-SIM and additionally a card reader. If a card is inserted into the card reader, the telephone is identified according to the external card, otherwise according to the fixed plug-in-SIM card.
Thus, in the sense of this application, a mobile station (MS) consists of two parts, i.e. a mobile equipment (ME) and a subscriber identity module (SIM). The SIM card is defined in the GSM recommendation 02.17. The recommendation 11.11 specifies the issues restricted by 02.17 by defining e.g. the protocols between SIM and ME, the exact contents and lengths of SIM data fields, and issues associated with the electric and mechanical connection. An example of a data field included in a SIM card is the IMSI (International Mobile Subscriber Identity) which identifies a mobile subscriber. Similarly, in the sense of this application, the concept SIM refers generally to a subscriber authentication unit, e.g. a SIM card, a small plug-in-SIM card, a credit-card-sized SIM smart card, and a subscriber authentication unit firmly fixed to the mobile station and containing the subscriber identity and the authentication key Ki, unless the context implies otherwise.
In accordance with the GSM recommendations 02.17 and 11.11, three algorithms, A3, A5, and A8, are used. Algorithm A3 is used for authentication, algorithm A8 for generating an encryption key, and algorithm A5 for encryption. Algorithms A3 and A8 are installed both to the SIM card and to the authentication centre AUC. Algorithm A5 is installed both to the mobile equipment ME and to the base station BTS. Other data also stored in the authentication centre AUC include: the subscriber identity IMSI, the authentication key Ki, and version information on the algorithm used. The same data is also stored in the mobile subscriber""s SIM card.
A problem arises in the above prior art mobile communication system when a SIM card or the data contained therein fall into the hands of a unauthorized person. This may occur when the telephone is lost or stolen, or only the SIM card is stolen therefrom. In this case the system comprises two SIM cards with identical data; the original and a copy. The use of a copied card is harmful to the mobile subscriber who owns the original card regardless of whether the misuse is extensive or slight. Extensive misuse may become extremely expensive until the subscriber notices the problem in the next telephone bill. However, if the misuse is slight, the problem may remain unnoticed for a long time. In the scope of the present application, the use of a copied SIM card refers to any technique of using fraudulently the SIM card data of another mobile subscriber.
Thus, the object of the invention is to provide a method and an equipment for implementing the method so that the above problems associated with the misuse of a SIM card or the data contained therein are solved. The objects of the invention are achieved with methods and systems characterized in what is disclosed in the independent claims. The dependent claims disclose the preferred embodiments of the invention.
The invention is based on the idea that the GSM system and its derivatives are a kind of xe2x80x9can ideal case of mobilityxe2x80x9d wherein only the information included in a SIM card is needed to support subscriber mobility. The majority of mobile station users would benefit from increased security at the expense of mobility. The invention is based on the idea that a mobile subscriber is given the chance to restrict the use of his/her subscriber identity to one or a few terminals. The invention is implemented e.g. so that a data element indicating if the use of said subscriber identity is restricted to certain terminals is added to one of the network registers. Should the use be restricted to certain terminals, a list of the terminals in connection with which said subscriber identity can be used is also stored in the register. Later, in connection with location updating, an inquiry is made to the register to see if the use of the subscriber identity is restricted to certain terminals. In case the use is restricted, a check is made to see if the identity of the terminal which made the location updating has been stored in the list of allowable terminals. If the identity of said terminal is not stored in the list of allowable terminals, location updating is rejected.
In the case of the GSM system and its derivatives, the register wherein the additional data according to the invention is stored is the home location register. In this case the subscriber identifier is IMSI and the terminal identifier is IMEI (International Mobile Equipment Identity). However, the identifiers IMSI and IMEI are only intended to illustrate the operation of the invention and not to restrict it to the GSM system nor the IMSI and IMEI identifiers.
The invention improves the security of a mobile communications system against misuse. The changes needed to implement the invention can be restricted to a distinctly definable small area, mainly to the software controlling the home location register. Implementing the invention does in no way disturb the operation of such network elements to which the operation according the invention has not been added.